Microsoft: Iranian cyberattack targeted a US presidential campaign
Phosphorous also pursued officials, journalists and expatriates.
Iran has apparently been engaged in a large-scale cyberattack bent on compromising American politics. Microsoft reported that Phosphorous, a known group it believes is linked to the Iranian government, attacked 241 email accounts in a 30-day period between August and September, including those for a US presidential campaign as well as current and former US officials, journalists covering world politics as well as "prominent" expatriate Iranians. Four of these accounts were compromised, though this didn't include the presidential run or any officials.
The intruders "were not technically sophisticated," Microsoft said, but they were determined. They conducted extensive research of personal info to identify accounts and potentially fool account recovery systems, sometimes obtaining phone numbers used for two-factor authentication. There were over 2,700 attempts to identify accounts over the roughly month-long stretch. Phosphorous frequently used spear phishing in hopes it might trick users into providing login details through fake web forms.
Microsoft said it had notified Phosphorous' targets, and was helping compromised users secure their accounts. It also recommended that political figures use its AccountGuard program to get advanced monitoring and threat alerts.
Iran hasn't acknowledged its involvement in the attacks. However, they wouldn't be surprising in light of escalating tensions between the US and Iran that have included digital warfare. Iran has also been accused of conducting a Russia-like disinformation campaign meant to skew American politics ahead of the 2020 presidential election. If Iran is involved, this would mainly represent one of the most overt attacks to date.
